i'm working on a QoS troubleshooting issue, I want to know the order how the QoS ACLs will be getting processed.For example I have configured the ACLs AF11, AF12 and AF13, in what order switch will process the ACL? does it in a ascending order fashion?
View 1 RepliesI am implementing traffic export on the WAN interface of my 3725 router. I use a dialer interface for PPPoE which is applied to the Fa0/0 interface. This dialer WAN interface has Zone Based Firewall, NAT Outside, ACLs applied to it, as well as IP Traffic Export for an IPS. In what order would each of these items process a packet? In other words, is the order something like ZBF, ACL, IP Traffic Export, then NAT? How would QoS fit into something like this as well? I am asking because I am wondering how much processing the packets receive before they are mirrored over to my IPS.
View 1 Replies View RelatedI have 4 switches in a 3750-X stack.Here is the output from the stack why are the switches out of order and I'm not able to bring up switch 1 port 1.
switch 4 port 2 shows not connect it is I've checked the cables.
Power stack name: Powerstack-4
Stack mode: Power sharing
Switch 1:
Power budget: 695
Low port priority value: 22
High port priority value: 13
Switch priority value: 4
Port 1 status: Shut
Port 2 status: Connected
Neighbor on port 1: 0000.0000.0000
Neighbor on port 2: c471.fe84.e100
Switch 2:
Power budget: 713
Low port priority value: 21
High port priority value: 12
Switch priority value: 3
Port 1 status: Connected
Port 2 status: Connected
Neighbor on port 1: c471.fe85.3000
Neighbor on port 2: c471.fe80.2800
Switch 4:
Power budget: 697
Low port priority value: 19
High port priority value: 10
Switch priority value: 1
Port 1 status: Connected
Port 2 status: Not connected
Neighbor on port 1: c471.fe80.2800
Neighbor on port 2: 0000.0000.0000
Switch 3:
Power budget: 710
Low port priority value: 20
High port priority value: 11
Switch priority value: 2
Port 1 status: Connected
Port 2 status: Connected
Neighbor on port 1: c471.fe84.e100
Neighbor on port 2: c471.fe7f.eb00s
We have the problem that MPLS labeled packets are not being processed on EHWIC-1GE-SFP-CU if L3PDU + Shim-Header exceeds 1500 bytes.When we move the config exactly to the on-board Interface Gi0/0 it works with put any problems. [code]
View 1 Replies View Relateddirect me to a document detailing the order that line cards are supposed to boot in a 6500? I'm noticing random boot sequences in some of my chassis,?Note: We currently run Sup720 3CXL for the most part.
View 6 Replies View RelatedDo I need to run any special license (like IP SERVICES) on the Cisco Catalyst 4900M in order to run VRF lite?
View 4 Replies View RelatedI have a route-map on a 6500 thats is very definitely no longer required. 2 attempts to remove it have been a disaster.
[Code]...
The route-map and access-list ae not being used at all. Anyny tips for how I can get this removed - for info the process is mush easier on 7206 VXRs.
we have some problem with GRE traffic which is processed by CPU and not by CEF.In sniffed packets I can see a lot of "TCP window update" packets. I found that some kind of GRE traffic are forwarded to CPU, like packets with IP options or TTL=0 but non of those are seen in the sniffed packets.
View 2 Replies View Relatedunder ASA Version 8.0:Are NAT's processed from top to bottom or general to specific?I have a many-to-many NAT that is taking precedence over a one-to one-NAT. In what order are they processed?
View 1 Replies View RelatedI need 10gigbit uplink for this switch. What are the other devices that i need order along with this device.And what is the diff between X2-10GB-LR= and CVR-X2-SFP.if i take CVR-X2-SFP, in future how can i upgrade from one gig to 10 gig?for current use i need 10gig support required. so what are all the other devices that i need to order.Fiber multimode and distance 15Mt only.
View 2 Replies View Relatedi have an issue to connect a trunk between cisco switch and extreme switch i have many vlans that i want to cross via a link between cisco 3750 switch and a Extreme Alpine 3800 switch
View 12 Replies View Relatedwhat is the use of no switch port command in L3 switch?
View 7 Replies View RelatedI have two 3750-X configured to be a stack and I am planning to re-rack these somewhere else. What I would like to know is what are the effects of having the master switch itself lose power? Does it immediately just make the member take over master (there should be no election since there are only 2 switches??) and there would be no loss of connectivity?
View 1 Replies View RelatedI have a Catalyst 4006 switch in production and a spare switch of same model. I have to quickly copy the configuration from production switch to spare switch (both L2 and L3 configurations) How do I do that?
View 6 Replies View RelatedThe last few days I've been exploring options in getting rid of some old routers accross a wan connections. I have a cat 3560 to play with and I thought I would try and use the no switchport command test out routing with switch. I've got some type of route issue and I tried a few things which I thought would fix the issue but had no effect. I'll post the config and a few commands so you can see what the basic setup is.
Here we can see in the arp that it knows about both 10.7.1.2 (PC unable to ping 10.3.3.254) as well as 10.3.3.254 (ASA).I tried adding in a ip route of 10.7.0.0 255.255.0.0 10.3.3.110 as well as 10.3.3.254. Neither produced the results I wanted allowing 10.7.1.2 (PC) to ping the ASA (10.3.3.254). [code]
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net.
My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20
I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2)my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to go out to the internet. I think it has to do with the routes. [code]
I have the task of replicating the router config on a 3825 router on a 3750 switch. Reason is we are taking out the router and replacing it with the switch to make use of the router for other functions.
Below is main part of the router config:
!
ip source-route
ip cef
!
!
multilink bundle-name authenticated
!
license udi pid CISCO3825 sn FCZxxxxxxx
!
vlan internal allocation policy ascending
[code].....
The 3750 switch I have runs C3750E-UNIVERSALK9-M, Version 12.2(55)SE3 on a LAN BASE license.
The first thing I have done is to order for a license upgrade to IP BASE which would give the support for OSPF routing.I do not see much of an issue with the Interface configs, however, I am not too sure about replicating the routing config on the switch.
My question is can I run the commands as shown for the OSPF routing on the switch? If not, can I get suggestions on how best to set this up on the switch?
I recently set up a small photography business and am trying to get a Cisco 877 and Cisco SG300-10 switch to talk to each other.
What I want is for the Cisco 877 to handle the internet and the SG300-10 to handle the local network,
I have set up 2 vlans in trunk mode on the switch and want vlan2 to manage local traffic and vlan3 to handle the internet.
I have got the 877 connecting to the internet what I dont have, traffic going to vlan2 on the switch from the 877
Look at the running configs for the switch and the router and tell me how to get the vlan on the router to pass traffic to the switch. In a nutshell I am inserting the internet into the switch but am not sure how to progress. I have the c870-advipservicesk9 image file on the router.
Switch Config
interface gi2
description connection-to-data-vlan
exit
interface gi3
description connection-to-internet-vlan
exit
vlan database (code )
I have an environment of 3 X 3560G of which I have 1st switch-CORE(f0/10) connecting to the VPN router(CE) interface-f0/0. Remaining 2 Cisco 3560's(Access) are connected to Gi0/1 and Gi0/2 on the 1st switch-CORE via gi0/1 . On all three switches I have created multiple VLANs and assigned ports to these VLAN. The switch to switch connection is trunk allowing all VLANs created on all these 3 switches. Now the issue is how I am going to have all these VLANs routed through single interface on the routeri-e f0/0, as all these subnets will communicating to remote site over VPN. What should be default gateway on the 2 Access switches and the CORE switch, also what static route should be on router to reach all subnets(VLANs) created on these 3 switches.
I have read inter-VLAN routing i-e creating sub interfaces on router but dont want to proceed with that and looking for any other way to have my VLANs talk on all three switches and then are accessible to remote site ove VPN?
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net. My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20,I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2),my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to,go out to the internet.
View 3 Replies View RelatedI am trying to get my workstation to talk to a workstation on a different sub-net through a Cisco 3560 switch. The switch is running the following IOS version: [code]
My primary network is 172.16.0.0 and I am trying to connect to a device on a 192.168.111.0 sub-net. [code]
What would be the best way to get the two workstations talking via the switch?
I'm running into what seems a basic ip routing config problem with a Catalyst 3750 (IP Base) switch. I have several VLANS configured on the switch with IP routing enabled, and the switch is connected to the inside interace of a new ASA 5520 as follows:
ASA5520 IP (Default gateway): 192.168.1.1Switchport Gi1/0/1 is configured as a routed port, IP address 192.168.1.3 255.255.255.0Example VLAN is VLAN 100, IP address 192.168.100.1 255.255.252.0 From the switch CLI, I can ping all VLAN addresses, as well as the ASA5520, and the client laptop I'm testing with from VLAN 100.
From the client laptop on VLAN 100, I can ping all switch interface and VLAN addresses (inter-VLAN routing is working), including 192.168.1.3, but I CANNOT ping the default gateway at 192.168.1.1.
Here is the relevant configuration information on the 3750:
!
no aaa new-model
switch 1 provision ws-c3750x-24
system mtu routing 1500
[Code]....
I have a Cisco SG 300-20 as the core switch, layer 3. It is 192.168.4.6 on VLAN1 and 192.168.5.1 for VLAN2 (VOIP). All the ports are set in trunk mode. DHCP relay is setup on this switch.
The phones connected into a layer 2, Catalyst 2960-S switch. All ports are set in trunk mode. Default gateway on it is set to 192.168.5.1.
DHCP for both VLANs is provided by a Windows Server 2008 R2 server (the relay IP 192.168.4.15).
There is also an ASA 5510 in the mix which is 192.168.4.1. It has a route added to it for the 192.168.5.0 network to go to the SG 300 (192.168.5.1).
Just the two switches can ping each other on the 192.168.5.x network when I "add vlan 2" to the trunk port that is connected between the SG 300 and the 2960. The phones don't get DHCP on the 2960 switch. And I cannot ping 192.168.5.x from the ASA or anything else on the 192.168.4.x network.
After a bit of reading on intra-vlan routing for the SG 300 switch, I am thinking the SG 300 has to be the "center" of things so I need to make it 192.168.4.1 to be the gateway for both VLANs and change the ASA to 192.168.4.2 for VLAN1, etc. And I really can't do asymmetric routing with this switch.
Two Cisco C2960G Switches connected with each other using an EtherChannel Trunk Ports.IOS Image has been upgraded to c2960-lanbasek9-mz. 122- 58.SE2.bin.The global command "sdm prefer lanbase-routing" has been executed to set the default template to "lanbase-routing".The global command "ip routing" has been executed to enable the ip routing.An IP route has been configured in each switch to point to each other for the static routing purpose (Please see the 2 attached configuration files) The hosts in VLAN 111 and VLAN 110 are not able to see each other even the ip static routes have been configured.May be I have misconfigured some settings but not sure what's the actual problem.
View 11 Replies View Relatedmy company pay a switch 3750 X. WS-C3750X-24T-E. It uses IP services basically but I failed to configure InterVLAN routing. why interVLAN routing doesn't work on my switch?
View 10 Replies View RelatedYou can set the ME3400 switch set to the Routing SDM template such that it support PBR. That is done in the ASICs, right? Because if it is done in software the switch could quickly become overwhelmed.
View 2 Replies View RelatedI have a 3550 l3 switch configured as follows:
vlan 10 ports 1-10
vlan 21 ports 11-20
vlan 30 port 21-30
vlan 40 ports 31-40
default vlan should be vlan 21
I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19
[code]
Building configuration...
Current configuration : 4833 bytes
!
version 12.2
no service pad
[code]....
Does the Model "WS-C2960-24PC-L" Supports IP Routing or not?
View 9 Replies View RelatedI'm having some problems setting up vlans to talk to each other on a 3550-12T switch. Its quite a simple setup I have, but I need to split my network up.
Currently I have a network of 192.168.25.0 255.255.255.0 I want to create a new vlan network of 192.168.30.0 255.255.255.0 So I have configured my vlan1 (default vlan) to have an ip of 192.168.25.250 for getting to the management page
I have created a vlan2 of 192.168.30.1 255.255.255.0 ?I have a port 10 linked to one of my 3560G's?In port 9 which is on vlan2 I have my pc plugged in with a static ip of 192.168.30.50 from the router I can ping any device on 192.168.25.x.
I can not ping 192.168.30.1 (which is my vlan2) nor can i ping the PC.
I have enabled ip routing But I dont have a default route, this is becase we don't have a router on the network.
I am looking for a PoE switch with Routing capabilities (e.g osfp) something lower end than 3560E.
View 10 Replies View RelatedI have Layer_3 " 3750-x " , so I can't do any routing on the switch , so if I need to Upgrade the IOS what is the proffered image that support hte routing , and Is it free or should I pay?
View 7 Replies View RelatedI have recently purchased a a Cisco SGE2000 switch and when connected to it via console cable, I was introduced to "Switch main menu" which was kind of a GUI interface. I found a way of accessing what is called a lightweight CLI (lcli).After having a few searches on google it turns out that this switch doesn't have a proper CLI. Is this possible at all? I thought that all managed switches have CLI?
View 2 Replies View RelatedI have an SF-300-24 port switch and am having an issue. When a device says "Who has 192.168.0.1" (which is the default gateway) two devices are replying in the affirmative, and therefor the MAC address table is getting screwed up. I know the correct MAC address of 192.168.0.1 is 00:1b:21:95:02:b0, so how do I tell the router to disgard any packets that say otherwise? I tried to figure out DHCP snooping and IP source guard, and ARP Inspection, but I am not getting anywhere and keep losing connectivity to the switch.
Obviously a device on the network is misconfigured, unfortunately it is a large wireless network and the misconfigured device is 30 miles away on the top of a mountain. I am hoping to bandaid it locally and then eventually go out and fix the offending equipment.